Error in digital signature

Question

I'm using itext 5.5.6 to sign a PDF document, using the: Code sample 4.1: Signing a document using PKCS#11
of the book: Digital Signatures for PDF documents

But I have the following error when validating adobe reader:

Error during signature verification.

Error encountered while validating:

Internal cryptographic library error.

Error Code: 0x2726

I have not found the solution to the error,

attached the document signed: firmado.pdf

I appreciate your comments, Regards.

Answer 1

A first tentative analysis results in the observations that

1. the signature is correctly embedded,
2. the messageDigest signed attribute contains the correct hash of the signed byte ranges of the PDF, but
3. the signature bytes do not constitute a signature of the signed attributes with the private key associated with the given certificate.

This means essentially that the signature you retrieved via P11 is incorrect while iText seems to operate correctly. This may be due to

1. the fact that the Code sample 4.1 was originally made for a SafeNet Luna while you use a Thales nShield Edge and some adaptions are required, or
2. a mixup in the installation of your Thales client or the Thales Edge itself.

Unfortunately I'm not deep into HSMs and therefore cannot tell the exact problem.